1. Schema+(OP) 2026-01-11 23:57:14
I actually didn't know I had. At the time I didn't properly know how Docker networking worked and I exposed Redis to the host so my other containers could access it. And then since this was on a VPS with a dedicated IP, this made it exposed to the whole internet.

I now know better, but there are still a million other pitfalls to fall into if you are not a full-time system admin. So I prefer to just put it all behind a VPN and know that it's safe.

replies(1): >>drnick+r4
2. drnick+r4 2026-01-12 00:33:04
>>Schema+(OP)
> but there are still a million other pitfalls to fall into if you are not a full-time system admin.

Pro tip: After you configure a new service, review the output of ss -tulpn. This will tell you what ports are open. You should know exactly what each line represents, especially those that bind on 0.0.0.0 or [::] or other public addresses.

The pitfall that you mentioned (Docker automatically punching a hole in the firewall for the services that it manages when an interface isn't specified) is discoverable this way.

replies(1): >>jsrcou+u7
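
The review described in the comment above, as an added example that is not part of the thread: a shell function that reads `ss -tulpn` output and prints every listener not confined to loopback. The sample output is constructed for illustration, and `flag_exposed_listeners` and `sample_ss_output` are names chosen here.

```shell
#!/bin/sh
# Added example. Reads `ss -tulpn` output on stdin and prints one line per
# listener that is NOT confined to loopback: scope, proto/port, address, process.
flag_exposed_listeners() {
    awk '
    $1 == "Netid" || NF < 5 { next }          # skip header and short lines
    {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        sub(/%.*/, "", addr)                   # drop scope, e.g. 127.0.0.53%lo
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        scope = "SPECIFIC-ADDRESS"
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL-INTERFACES"
        proc = "unknown"                       # process column is empty without root
        if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        printf "%s %s/%s %s %s\n", scope, $1, port, addr, proc
    }'
}

# Constructed sample output (not taken from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0      4096   0.0.0.0:6379       0.0.0.0:*         users:(("docker-proxy",pid=2210,fd=4))
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=901,fd=5))
tcp   LISTEN 0      4096   [::]:6379          [::]:*            users:(("docker-proxy",pid=2217,fd=4))
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=700,fd=6))
tcp   LISTEN 0      128    *:22               *:*               users:(("sshd",pid=650,fd=3))
tcp   LISTEN 0      511    10.8.0.1:8080      0.0.0.0:*         users:(("nginx",pid=1200,fd=7))
EOF
}

# Demo on the constructed sample; on a host: ss -tulpn | flag_exposed_listeners
sample_ss_output | flag_exposed_listeners
```

Run `ss` as root so the process column is populated for sockets owned by other users; each `ALL-INTERFACES` line is one you should be able to account for.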
3. jsrcou+u7 2026-01-12 00:55:47
>>drnick+r4
Thanks, didn't know about this one.